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Abstract 

The spectral test of random number generators (R.R. Coveyou and R.D. McPher- 
son, 1967) is generalized. The sequence of random numbers is analyzed explic- 
itly, not just via their n-tupel distributions. We find that the mixed multiplica- 
tive generator with power of two modulus does not pass the extended test with 
an ideal result. Best qualities has a new generator with the recursion formula 
Xk+i = aXk + cint(/c/2) mod2 rf . We discuss the choice of the parameters a, c for 
very large moduli 2 d and present an implementation of the suggested generator with 
d = 256, a = 2 128 + 2 64 + 2 32 + 62181, c = (2 160 + 1) • 11463. 
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1 Introduction 

The spectral test was proposed by R.R. Coveyou and R.D. McPherson in 1967 [|TJ. The 
advantage of this test is to present an algebraic criterion for the quality of the generator. 
For the mixed multiplicative generator X k+ i = aX k + cmodM 

min{|s| = \J s\ + . . . + with s a = Si + as 2 + . . . + a n ~ 1 s n = OmodM} (1) 

should be as large as possible Q, §]. The criterion is that simple since the n-tupels of 
random numbers form an n-dimensional lattice (cf. e.g. Fig. 2). A good generator has 
uniformly distributed n-tupels which refers to an almost cubic lattice || [|, ||. 

The lattice is a consequence of the (affine) linear dependence of X k+ \ on X k . From 
the figures on the left (type I) we see that the relation between k and X k is much more 
complicated. This is however one of the most fundamental aspects of randomness. In order 
to judge whether a sequence X k takes random values one would first plot the sequence 
itself and then maybe X k+ i over X k . 

Of course, the correlation between k and X k is not independent from the distribution 
of pairs (X k , X k+ i). E.g., a poor 'random' sequence X k = ak lying on a line with gradient 
a leads to pairs (X k ,X k+1 = X k + a) lying on a line with gradient 1 shifted by a off 
the origin. This makes it reasonable to judge randomness by only looking at the n-tupel 
distributions. However, random number generators which have identical valuation by the 
spectral test may still look quite different. The generators X k+ i = 41X k + 3 mod 1024 
(Fig. 3) and X k+ i = 4lX k + 1 mod 1024 (Fig. 4), e.g., differ only by the additive constant 
which does not enter Eq. ([!]). The lattices of pair distributions (type II in the figures) 
are similar whereas the plots of X k over k show different behavior. The spectral test not 
even makes a difference between a prime number and a power of two modulus (cf. Fig. 1 
vs. Fig. 2). 

Therefore it is desirable to include the analysis of the correlation between k and X k 
into the valuation of the test. In fact it is possible to analyze the accumulation of random 
numbers along certain lines (which is often seen in the figures) by Fourier transformation. 
More generally we extend the spectral test by analyzing the correlation between k and 
the n-tupel (X k ,X k+ i, . . .,X k+n _i). The generators mentioned above (Figs. 3, 4) acquire 
different valuations. Fig. 4 is preferred since the random numbers spread more uniformly 
in Fig. 41 than in Fig. 31 (cf. Sec. |3T2| 1). 

We will find that the commonly used mixed multiplicative generator always shows 
correlations along certain lines if the modulus is not a prime number. We will present 
an improved generator which is almost free from these correlations (Fig. 7). It has the 
recursion formula 

X k+1 = aX k + cint (Jfe/2) mod2 d (2) 

with the parameters 

d = 2 k d , a = 2 2k ~ ldo + 2 2k ~ 2do + ... + 2 2do + (3 580 621 541 mod 2 d °) , 

c = (V lt ( 2fe+1/3 ) do + l] (3 370 134 727mod2 do ) . (3) 
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In particular, the case do = 16, k = 4 is discussed in Ex. 7.1. 

This generator is supposed to be a good choice with respect to the following three 
criteria. 

Firstly, the sequence of numbers provided by the generator should behave as close to 
a true random sequence as possible. 

Secondly, the calculation of random numbers should be as fast as possible. The gen- 
erator given in Eqs. (H), (§) is explicitly constructed to have best performance. It is 
important to note that this is not independent from the first criterion. It is possible to 
produce better random numbers the more effort one spends in calculating the numbers. 
Figs. 2 and 6 show how a simple doubling of the digits of the modulus improves the ran- 
domness of the generator. In general we can produce arbitrarily good random numbers 
with e.g. do = 32 and large k in Eq. (||). 

Thirdly, the properties of the random numbers should be known as detailed as possible. 
It is not sufficient to use a messy, opaque formula. It has often been seen that this leads 
to numbers which are far from being random |2j. As long as one is not familiar with 
the qualities of the generator one can never rely on the results gained with it. The full 
evaluation of the generalized spectral test is supposed to provide a profound knowledge 
of the generator. 

We start with the development of the generalized spectral test in the next section. In Sec. 
H] we apply the test to a series of commonly used and some new generators. Finally we 
discuss the choice of parameters in Sec. (|. 

2 The generalized spectral test 
2.1 Review of the spectral test 

We start with a short review of the spectral test [ffl |2j in which we try to stress its 
geometrical meaning. The idea is to plot all n-tupels of successive random numbers in an 
n-dimensional diagram. This is done, e.g. for n = 2 in the figures of type II. 

Mathematically a figure is presented as a function g which is 1 at every dot and 
elsewhere. If Nx is the period of the generator X, that is the smallest number with 
X k+Nx = X k Vfc, then 

Nx 

g(x 1 ,...,x n ) = J2 s xuX k -"S Xnt x h+n ^ 1 = 5 x,X fc , (4) 

k=l k& Nx 

where 5 a ,b = 1 if a = 6 and 5 a ,b — if a ^ h (for later convenience we also write the 
Kronecker 5 as 5 a= b). Moreover we have introduced the notation 

X fc = (X k ,X k+1 , . . .,X fc+n _i) , x = (xx,x 2 , . . .,x n ) , Z Nx =Z/N x Z. (5) 

We want to check whether the dots accumulate along certain hyper-planes (see e.g. 
the lines in Fig. 311). To this end we select a hyper-plane and project all the dots onto a 
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line perpendicular to it. If points accumulate along the plane many dots will lie on top 
of each other, otherwise the dots are spread uniformly over the line. 
The hyper-plane H is determined by its Hesse normal form 

H — {x : siXi + s 2 x 2 + . . . + s n x n = s • x = 0} , |s| = V s • s = \J s i + ■ ■ ■ + s n 7^ • (6) 

The line is stretched by the factor |s|. The position of a point on the line perpendicular 
to the plane is given by the number s • X^. 

Next we wind the line up to a circle so that the modulus M as point on the line lies 
on top of the 0. For a suitable choice of s, namely s = (—1,25) all points in Fig. 311 lie 
now on the point represented by the number 25. 

The points are realized as complex phases on the unit circle. We obtain the assignment 

/27U \ 

X fe ^ exp ( — s ■ XfcJ . (7) 

Finally we draw arrows from the center of the circle to all the dots and add them. The 
length of the resulting vector describes how the dots are balanced on the circle. If the 
dots spread uniformly the arrows cancel each other and the resulting vector is small. If, 
on the other hand, all dots lie on top of each other the length of the arrows sums up to 
N x . 

If we restrict ourselves to integer S\, . . . , s n (accumulation of random numbers always 
occur along hyper-planes given by integer Sj) the resulting vector is given by the Fourier 
transform of g, 

3 (s) = 7m x g x g (x) exp ( m s ' x ) = vm £ x ^ I i7 s ' x ■ (8) 

where we have introduced the normalization factor Nx~ ■ The information about accu- 
mulations along the hyper-plane is contained in \g\ 2 , the phase of g is irrelevant. 

We remember that for the mixed multiplicative generator the n-tupels form a lattice 
(which is displaced off the origin). So |^| 2 (s) will assume the maximum value Nx if s 
lies in the dual lattice, s • X& = C + £M, C, i G Z, otherwise |g| 2 (s) is zero. Since 
Xk = c(a k — l)/(a — 1) modM this means, if gcd(c, M) = 1 and X has full period, that 
Vk : (a k - l)s a = 0modMgcd(a - 1, M) from which Eq. (|IJ) follows (cf. Sec. [3"^). 



2.2 Generalization of the spectral test 

We generalize the spectral test by caring for the sequence in which the n-tupels are 
generated. The index k is added to the n-tupel X& as zeroth component and we define g 

as 

g(x ,x)= Mx,x t = ^x,x I0 . (9) 

fceZjv x 
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The geometrical interpretation remains untouched but now we consider also the figures 
of type I. The Fourier transform of g is given by 

1 /2ni 2ni \ 

9 (so, s) = ^= JT^ exp {— s k + — s ■ X fc j . (10) 

The sum over k is hard to evaluate since in the exponential k is combined with X k . 
However in fact we are interested in \g\ 2 and find 

im2/ \ 1 /2ttz ,,. 2ni , 

M 0o,s) = tt- exp — s (k - k) + — s ■ (X k > - X fc/ 

= -4- £ exp(^s A£;) 51 exp (^s • (X fc+Afc - X fc )) . (11) 

Afcez^ V7V * y feez^ V M J 

The sum over k has no linear fc-dependence, only differences of random numbers occur. 
Like in the standard spectral test in many cases the sum over k can be evaluated. The 
result is often simple enough to be able to evaluate the sum over Ak also. 

Note that the standard spectral test corresponds to s = 0. We give some simple 
results on \g\ 2 in the following lemma. 
Lemma 2.1. 

\g\ 2 [X k+C2 +c 3 ](s ,s) = \g\ 2 [X k ](s ,s) , (12) 
|^| 2 (so,0) = N x 5 So=0mo<iNx , (13) 
]T \g\ 2 (s ,s) = N x (14) 



]T \g\ 2 (s , s) = M n if X fe = X k ,^ k = k' modiVx . (15) 



sez™ 



One may also be interested in correlations between non-successive random numbers like 
X k and X k +2- In general it is possible to study n-tupels X k+T = (X k+Tl , . . ., X k+Tn ). This 
amounts to replacing ~K k by X k+T and s a by s a ^ T = sia Tl + . . . + s n a Tn in our results. 



2.3 Valuation with the generalized spectral test 

Now we have to clarify how the calculation of \g\ 2 leads to a valuation of the generator. 

We can not expect that \g\ 2 vanishes identically outside the origin since in this case g 
would be constant. Eq. (14]) shows that the mean value of \g\ 2 is 1. 

What would we expect for a sum of truly random phases? Real and imaginary part 
of a random arrow with length 1 have equal variance 1/2. For large Nx the sum of 
arrows is therefore normally distributed with density 1/tcNx - exp (—(a; 2 + y 2 )/Nx)dxdy = 
exp(—r 2 /Nx)dr 2 /Nx- Thus z = \g\ 2 has the density exp(— z) for a true random sequence 
and the expected value for \g\ 2 is 1. 

This means that values of \g\ 2 < 1 can be accepted. It is clear that for a given 
(so,s) ^ (0,0) the correlations are worse the higher |g| 2 (so,s) > 1 is. But what does the 
location of an (sq,s) with |g| 2 (so,s) > 1 mean for the generator? 
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We remember that (sq, s) may be seen as normal vector on the hyper-plane along which 
the accumulations occur. If e.g. n — 1 and (so, si) = (1, 1) the corresponding 1-plane has 
the equation xq + x\ = (cf. e.g. Figs. 21, 31). If the fc-axis and the X^-axis are normalized 
to length 1 this line has length y2. With the normal vector (3,1) (cf. Fig. 41) one obtains 
the equation 3xo + x± = mod 1 which intersects the unit cube three times and therefore 
has the length V3 2 + 1 = Vl~0. Accumulations along this longer line are less important 
than along the short line. In the extreme case where the line fills the whole unit cube 
by intersecting it very often, accumulations can hardly be recognized. Note that in this 
sense the normal vectors (sq, si) and (2sq, 2si) do not determine the same line. The latter 
one contains e.g. the points (1/2,0), (0, 1/2), (1, 1/2), (1/2, 1). It has twice the length of 
the former one and too large a \g\ 2 has half the effect. 

We generalize these considerations to n > 1 by taking the area of the n-dimensional 
hyper-plane with normal vector (s , s) as measure for the importance of the accumulations 
detected. The area is given by \(sq, s)| = (sq + s 2 ) 1 / 2 , the Euclidean length of the normal 
vector. 

We can relate both mechanisms by defining the quality parameter 

Q n (S , S) = J ( g ° ,S ) - Q n = max ( S0)S ) e Z- xZ" \{0,0}Qn (so, s) . (16) 

\g [sq, s) \ z 

Good generators have Q\ ~ 1. It is hard to achieve Q n ~ 1 for n > 1 (see however Sec. 
|3.4|) . More realistic is Q n ~ M l l n ~ l (cf. Sec. |j) which means that the distribution of 
n-tupels deteriorates for higher n. In general small n are more important than large n. 
Apart from the value of Q n also the number of sites (so,s) at which Q n (so,s) = Q n is 
relevant (cf. Sec. [O] 1.). 

Let us try to find an interpretation for Q n . Assume the generator produces only mul- 
tiples of t\M. Then \g\ 2 (0, Sl = M/t, 0, . . ., 0) = N x , thus Q n (0, M/t, 0, . . ., 0) = M/tN x , 
and NxQn determines the number of non-trivial digits. In general N x Q n m ay be larger 
than M and therefore we say that M n = max(N x Q n , M) determines the number of digits 
we can rely on. Analogously = max(N x Q n , N x ) gives the quantity of random num- 
bers for which the n-tupel distributions are reasonably random. Specifically M n (so,s) = 
max(N x Q n (so, s), M) determines the digits and A n (so,s) = max(N x Q n (so, s), N x ) the 
quantity of random numbers not affected by accumulations perpendicular to (sq, s) (cf. 
|, ,p. 90]). 

Note however that these are only crude statements. If, e.g., the 'period' of the genera- 
tor is enlarged by simply repeating it then N x Q n (so, s) remains unaffected only if so = 0. 
Moreover a high |^| 2 (so,s) may be harmful even if |(sq,s)| is large. 

Note that Q n is a relative quality parameter. Although Q n usually does not increase 
with larger modulus (for n > 1 is actually decreases) the quality of the generator gets 
better since N x grows (cf. Fig. 2 vs. Fig. 6). 

3 Generators 

Here we restrict ourselves to the analysis of the most important generators. More examples 
are found in pj. 
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3.1 Xq = 1, = aX^modP 

Let P be a prime number and a a primitive element of Z P , the multiplicative group of 
Z P (Fig. 1). 

We start the analysis of this multiplicative generator with Eq. (|TTD . We find s-(X. k+ & k — 
X/J = s a a k (a Ak — 1) = s a k(a Ak — 1) modP for some ^ k e Zp. If k runs through the 
P — 1 values of Z P then sweeps out the whole Zp\{0}. Assume s a ^ (the case s a = 
is trivial), then the sum over k can be evaluated yielding P5a/c=o — 1- Finally the sum 
over Ak gives together with the normalization \g\ 2 = P/{P — 1) — <5 So =o- 



|<?| 2 (s ,s) 


sq = s ^0 


Sa = 


P-l 1/(P-1) 




o p/(p- 1) 



(17) 



We find that Q\ = Qi(l, 1) = V2(P — l)/P is independent of a and even greater than 1. 
For n > 2 only the case (s , s a ) = (0, 0) contributes to Q n and the discussion is equal to 
the case with power of two modulus presented in Sec. |j. We find 

N x = (P-l)P d -\ Q 1 = V2(P-1)/P, Q n > 2 « P 1 ^- 1 . (18) 

From a mathematical point of view odd prime number moduli give good random number 
generators. In particular N\ = P — 1, Mi = P whereas for the mixed multiplicative 
generator with a power of two modulus M we will find Ni = Mi = \f2M/&. So we need 
M > AP/y/2 to obtain power of two generators which behave better than generators with 
prime number moduli. However, one has to take into account that computers calculate 
automatically modulo powers of two. Moreover, the power of two generator will be im- 
proved in Sec. [O] until we achieve Q\ — 1. As a byproduct a better behavior of Q n for 
n > 2 is obtained, too. 

Best performance allow prime numbers of the form P = 2* ± 1 |. In this case 
a ■ b = C\l k + Ci leads to a ■ h = C2 =F CiinodP. The extra effort, compared with a 
calculation mod2 fc is one addition and, which is more important, the calculation of c\. 
In Ex. 7.1 we discuss the improved generator with M = 2 256 which can most easily be 
changed to M — 2 128 . Alternatively one may construct a generator mod 2 127 — 1 which is a 
prime number. This generator will however be more time consuming and moreover it has 
worse quality N x w 2 127 , N 2 w 2 63 - 5 , A> 3 w 2 42 - 3 , etc. vs. N x = 2 129 , N 2 w 2 86 - 3 , N 3 w 2 65 , 



etc. for the generator with power of two modulus (cf. Sec. |3~3| , Sec. So, power of two 
generators are more efficient than multiplicative generators with prime number modulus. 
The situation is slightly different if one considers multiply recursive generators with prime 



number modulus, analyzed in Sec. I^J and Ex. 7.2. 

Multiplicative generators with prime number modulus and primitive a produce every 
random number ^ OmodP exactly once in a period. We recommend to use a prime 
number modulus only if one needs this quality. 
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3.2 X = 0, X k+1 = aX k + cmodM 

Let M be any non-prime modulus, gcd(c, M) = 1 and let a ^ 1 have the following 
properties 

1.6= gcd (a — 1, M) contains every prime factor of M, 2. 4|6 if 4|M. (19) 

It was shown by Greenberger [0] for M = 2 d and by Hull and Dobell |§ for general M that 
this leads to the quality that every random number occurs exactly once in a period. This 
theorem can also be obtained by harmonic analysis in a little more general framework || . 

The generator is called mixed multiplicative generator with full period. 
Proposition 2. Let Mi be a divisor of M, then 

X kMl = ckM 1 ■ j 1 ' f 1 °f } modbM, . (20) 
( 1 + 0/2 , Mi odd I 

Proof. With a = db + 1 we find 

« fcMl - 1 , /\ fcMi - 1 „\ „ ^ / Mi/A , „,,-_ 2 
X fcMl = c— — — = cfcMi ^1 + dbj + cdb ^ ^ ^ J (o*) J 2 . 

Obviously N 9 ( A/lfc ) = ( M }*-~ l \Mik. Since j has at most j - 2 prime factors for j > 3 



and 6 has by definition every prime factor of Mi we obtain N 3 yj*ij{dby~ 2 k/j = 

( M j k ') (dby~ 2 /M\. Therefore the latter term drops modoMo and the former gives the 
result . □ 
Theorem 3. Let s ai M/b = gcd(s a , M/6). The Fourier transform of the mixed multiplica- 
tive generator with full period is 

\g\ 2 (s , s) = bs a>M/b 5 S0+CSa= i bSn M/h5 M m adbs a>M/b > ( 21 ) 

bB a,M/b 

where the Kronecker 5 gives 1 if the equation in the argument holds and otherwise. 
Proof. Since (c(a k — l)/(o — l))kez M gives every number modM exactly once, in (a k — 
l)feez M modM every multiple of 6 occurs 6 times. With s ■ (XAfc+fe — X*.) = s a a k X^k we 
get from Eq. (TTTT) after a rearrangement of the fc-sum 



l#| 2 Oo,s) = -J- 51 ex P (-W s ° Ak ) ' 6 51 ex P (t7 (** + x ) s « X Afc 
m AkeZ M v iW 7 kez M/b v iW 

The fc-sum gives M/6 if bs a X^ = OmodM and vanishes otherwise. Since gcd(6s a , M) = 
bs a ,M/b only that Ak contribute to \g\ 2 for which X^ k = Omod M/bs a> M/b- The generator 
has a full period, thus there are bs a> M/b such Ak. From Prop. 2 with Mi = M/bs a> M/b we 
find that these have the form Ak = kM 1 . Moreover, since M|s a 6Mi, 

\g\ 2 (s„,s) = ^ exp f ^ (soAMi + s a ckMi (l + ^ 2 | Ml )j) 

= OS a,A//6^ 0+CSa (i + | 52|M J =0modbSa M/;) • 

We get the result since cs a b/2 = — 6s aM / fe /2mod6s aj M/6 if 2|Mi. □ 
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Now the proper choice of the parameters a and c can be discussed. 

1. Choice of c. We can restrict ourselves to 1 < c < 6/2 since every c emerges from 
a c G (0,6/2) via translations (Xk i— > A'/,. . _y — Xaj; = « Afc ^fc) or reflection (X& i— > 
— Xfc). We can determine c by the condition that there should be no small (sq, s a ), 
gcd(M, s a ) = 1 with s + s a c = 6/2 • <5 2 |Af/ft mod6. If M/b is odd c m Vb gives 
Q^sq « A -1) ~ v / 6Tl/6 » 6- 1 / 2 . In the case where M/6 is even and 6 is small 
the choice c = 1 is best with the result Qi(s « s x « 6/4) « • (6/4)/6 = v^/4 ~ 
0.35. 

In the case of Fig. 3 with the 'wrong' choice c = 3 one has a = 9 mod 16, 6 = 8 and 
the smallest (s , si) with non-vanishing <? is (1,1). Since |<?| 2 (1, 1) = 8 we obtain 
Qi(l, 1) = v^2/8 ~ 0.18 (notice the correlations perpendicular to the (1, Indirection 
in Fig. 31). With the right choice c = 1 (Fig. 4) it takes an (s , si) = (1, 3) (or (3,1)) 
to get \g\ 2 = 8. Therefore <5i(l, 3) = v^TO/8 ~ 0.40 which means that the random 
numbers are more uniformly distributed in Fig. 41. The large value of Qi(l, 3) is yet 
misleading since Q x = Q x (-M/%,M/%) = y/2/8. However | g\ 2 assumes the small 
value of Qi at much less sites as in the case of c = 3 which means that the choice 
c = 1 is better than c = 3. 

Notice the similar pair distributions in Fig. 311 and Fig. 411. In general the quality 
dependence on c can not be obtained by the standard spectral test (corresponding 
to so = 0) since the n-tuple distributions are only shifted by a change of c. 

2. Choice of 6. In general 6 should be as small as possible in order to prevent \g\ 2 from 
being concentrated on too few points. If M/b is odd, c ~ y/b then Qi behaves like 
6 _1/2 . If M/b is even, c = 1 then Qi(s Q ,si) = Qi(s ~ si ~ 6/4) ps V2/4 for small 
(so, si) (cf. 1.). However Qi(—M/b, M/b) = \/2/b which forbids large values of 6. 

For a power of two modulus the smallest value possible is 6 = 4 which implies 
Qi = v^/4 (Fig. 2). In particular M = 10 d (Fig. 5) should be avoided since in this 
case 6 > 20. 

These arguments require s ^ 0. They are not obtained by the standard spectral 
test. 

3. Choice of a. Up to now we have evaluated |<?| 2 (so, s i) f° r n = 1 which is given by 6 
and c. In order to determine a more precisely we have to look at the distribution of 
n-tupels for n > 2. In this case Q n = min s Q n (so = 0, s a = 0) = min S:Sa=0 |s|/M. 
A further discussion of the choice of a is postponed to Sec. £|. We will see that a 
reasonable a gives Q n ~ M x l n V . 

Since s = this part of the choice of a is identical with the standard spectral test. 
Let us summarize the result for M = 2 d , 

c=l, a = 5mod8, max a min S:Sa=0 |s|, for n = 2, 3, . . . gives (22) 
N X = M, Q 1 = V2/A, Q n > 2 w M 1/n_1 . (23) 

A loss of randomness for n-tupels is avoided if one takes gcd(n, M) = 1. 
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3.3 X = 0, X k+1 = aX k + cint(/c/2)modM 

Let M = 2 d , 1 ^ a, a = 1 mod4 and c be odd (cf. Fig. 7). 

We have seen that the quality parameter Qi is not greater than \/2/4 for the mixed 
multiplicative generator with power of two modulus. This results in correlations along 
certain lines in the figures (cf. e.g. Fig. 21). This does not mean that mixed multiplicative 
generators can not be used if one takes large enough moduli (cf. Fig. 6 and Sec. |]). Nev- 
ertheless it is worth to look for a generator with behaves better. The generator presented 
in this section can be algebraically analyzed and it has Q± = 1. The implementation 
presented in Ex. 7.1 shows that it has good performance. It is possible to motivate the 
generator by geometrical arguments ||. 
Theorem 4. Let s a ^ M = gcd(s a ,M). 



i m I i -f cos ( ( s t^c^ — ^231 — Sj I I I ei» 

(24) 

X™ m = c(a k — l)/(a — 1) is the mixed multiplicative generator related to X. The period 
is N x = 2M. 

It is useful to put the proof in a more general context. It is given in ||. Here we only 
discuss the result. We obtain 

N X = 2M } Qi = l, Q 2 ~ M~ 1/3 , Q n >3 ~ M 1 ^™ -1 ^ 1 (25) 

as will be shown in Sec. f|. It is advantageous to have two parameters a and c at hand 
to optimize the quality of higher n-tuples and not only a as in the case of the mixed 
multiplicative generator. 

The generator does not provide full periods since |(?| 2 (0,si) = s^m 7^ 2MS S1=0 . How- 
ever the deviation from an exact uniform distribution is not larger than in a finite true 
random sequence. If one does not use the entire period of the generator (and this is not 
recommended because of the n-tupel distribution) the feature of having a full period is 
anyway irrelevant. If, for some reasons, one insists in a full period we recommend to use a 
multiplicative generator with prime number modulus or the multiply recursive generator 
which will be analyzed next. 

The generator of this section behaves in every aspect better than the widely used 
mixed multiplicative generator. This is also confirmed by the figures (cf. Fig. 2 and Fig. 
7). The extra effort in calculating random numbers is little (cf. Ex. 7.1). If n-tuples are 
used one should take odd n and occasionally omit one random number. 

Nevertheless the most essential step for producing good random numbers is to use 
large moduli (cf. Fig. 6 and Sec. ffl). 

3.4 X = l,X_i = ... = X_ r+ i=0, X k+1 = a r - 1 X k + ••• + a X k _ r+1 modP 

Let P be a prime number and have the maximum period of P r — 1 (Fig. 8). In 
this case the random number generator has a full period in the sense that every r-tuple 
(X , . . ., X r _i) 7^ (0, . . ., 0) occurs exactly once in a period. 
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Theorem 5 (Grube 0). Let 

P (A) = A r - a r -iX r ^ -...-a . (26) 

The corresponding generator has maximum period if and only if P is a primitive polyno- 
mial over Zpr. 

The proof is found in || Satz 2.1]. 
Theorem 6. Let Xk be defined as above and s = (s ■ Xfc) <fc<r = (Xj=i s jXk+j-i)o<k<r 
then \g\ 2 is given by the following table. 



|<?| 2 (s ,s) 


s = 


SO 7^0 


s„ = 


pr _ I 







l/(P r - 1) 


pr 1 (pr _ ^ 



(27) 



Proof. First we notice that (s ■ Xfc)^ obeys the same recursion relation as (Xk)k since 
s • Xfc + i = J2j=i s jXk+j = J2t=i a r-i J2j=i SjXk+j-e = J2i=i a r-£ s • Xfc + i_^. So, (s • Xfc)fc is 
either identically zero or it has maximum period. In the latter case every number e Z P 
is produced P r_1 times in a period and the zero is generated P r_1 — 1 times. Since the 
same holds for (s • (X fc+ Afe — ~^-k))k we get 



E 



/27T2 \ 
exp (^-^- S • ( X fc+Afc - X fe )J = P r 5 s .(X fe+Afc -X fc )=0 V0<fc<r 



If s a = then s ■ X^ = V7c, the Kronecker 5 gives 1 and from Eq. ([LTD we obtain 
|^| 2 (so, s a = 0) = (P r — l)5 So= o. If on the other hand s a ^ then (s ■ X/Jfc has maximum 
period and the Kronecker 5 vanishes unless Ak = 0. In this case Eq. (|TTD yields P r / (P r — 



i) - K=o- D 

The choice of parameters is determined by avoiding small s with s a = 0. For practical 
purposes it is more convenient to replace the condition s a = (s-X fe ) <fc< r = by the equiv- 
alent requirement = (s ■ X 1 _ fc ) 1 < fc < r <^> J2j=k s jXj-k = mod P , k — 1, 2, . . ., min(r, n). 
If n < r the only solution is s = OmodP. For n > r one has the problem of finding the 
smallest lattice vector of an n-dimensional lattice. The unit cell of this lattice has the 
volume P r (cf. Sec. |j). Thus for proper parameters the quality of the generator is 

N x = P r - 1 , Q 1 = Q 2 = ... = Q r = V2/(l- p- r ) , Q n>r « P r ' n - r . (28) 



This is the first generator which has Q n > 1 for 1 < n < r > 1. For 2 < n < r the 
generator has higher N n = P r — 1 but lower M n = P than the multiplicative generator 
modP r (Sec. fTLj with N n w M n w P r / n ). 

In particular if one needs the full periods this generator may be recommended. For 
prime numbers of the form P = 2 k ± 1 the generator has good performance, too. If the 
prime factors of P r — 1 are known it is no problem to find multipliers which lead to a full 
period. A short discussion of the choice of parameters for large P and r is given in the 
next section and an implementation is presented in Ex. 7.2. 
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4 Choice of parameters 



We start with a discussion of the mixed multiplicative generator (the multiplicative gen- 
erator is analogous). For practical purposes we can restrict ourselves to M = 2 d and 
a = 5 mod 8. We set c = 1 which is equivalent to any other odd c and assume n > 2 since 
the case n = 1 depends only on b which is 4 for a = 5 mod 8. 

From Eq. fl2~T|) we obtain, as long as bs a> M/b < M, that g vanishes unless s a> M/b\so ^ 
and therefore (A) Q n (s , s) = Jl + s 2 /s 2 M / b /4 > 1/4. However if s ai M/b = M/b we get 

\g\ 2 = M for (B) so = s a = mod M. This leads to Q n = \s\/M which for some s is much 
smaller than 1/4. 

So Eq. (B) is more important. We solve it for s± yielding s\ = kM — as 2 — a 2 Ss — 
. . . — a n ~ 1 s n depending on the free integer constants k, s 2 , s 3 , . . . , s n which give rise to 
an n-dimensional lattice (cf. ||). The lattice is given by an n by n matrix A according 
to s = A ■ (k, s 2 , ■ ■ ., s n ) T , and we read off 



( M -a -a 2 ... -a™" 1 \ 



.4 



V 



1 / 



( M -a 

1 -a 

1 
V 



—a 
1 



(29) 



where zeros have been omitted and both matrices define the same lattice since they differ 
only by SL(n, Z) lattice transformations. 

We denote the length of the smallest non- vanishing lattice vector by v n . Since the 
quality of the random numbers is determined by u n = MQ n we search for an a which 
large u n . Most important are small n, in particular the pair correlation n = 2. In the 
best case the lattice has a cubic unit-cell and v n is determined by the dimension of the 
lattice and the volume of the unit-cell. Since the volume is given by the determinant of 
A we get as an approximate upper bound v n < M 1//n . The calculation of v n is a standard 



problem in mathematics for which efficient algorithms exist [1C . 

To simplify the search for reasonable multipliers it is useful to have also a lower bound 
for v n . Due to the specific form of A it is easy to see that v n has to be larger than the 



smallest ratio > 1 between two elements of then set {1, a, a mod M, . 



- 1 mod M,M}. 



If we take e.g. a w M 1//2 we find ~ M 1 / 2 which is identical with the upper bound. 

Similarly we obtain w M 1//3 if we take a ~ M 1//3 or a ~ M 2 / 3 . However this 
is not compatible with a ~ M 1//2 and we only get u 2 ^ M 1//3 . On the other hand we 
can take a w M 1/2 + \M X ^ which differs little from M 1 / 2 . Therefore v 2 « M 1 / 2 and 



since a 



M + M 3 / 4 + iM 1 / 4 w M 3 / 4 modM we have u 3 > M 1 ' 4 . Generally, with 
a ~ M 1 / 2 + ^M 1 / 4 + . . . + ^-j-M 1 / 2 *" 1 (^ ie pl us signs ma y as well be replaced by minus 
signs) we get u n ^ M 1 / 2 ™ 1 as long as k > n and M 1 / 2 " 1 ^> 1. Note that M 1 / 2 " 1 is only 
a lower bound for v n . In the generic case v n will be close to M 1//n (cf. Ex. 7.1). 

Obviously v n increases with M. For all practical purposes the magnitude of M is 
only limited by the performance of the generator. In practice one has to split M into 
groups of digits (16 or 32 bit) that can be treated on a computer. The multiplication by 
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a performs best if the pre-factors 1/j are omitted. This should be done even though for 
a « M 1 / 2 + M 1 / 4 + . . . + M 1 ^ 1 the lower bounds for v n decrease, v n > M 1 / 2 "' 1 /(n - 1)!. 
Note that the number of digits of M is much more important for randomness than the 
fine-tuning of a. 

Finally, we have to add not too small a constant ao = 5 mod 8 (16 or 32 bit) to the sum 
of powers of M. This constant can be fixed by explicit calculation of the v n or by looking 
at (A) from the beginning of this section which implies that ao should have large |s| for 
all 16 < m = s^jiflM 1 / 2 * -1 . A suitable choice is e.g. a = 3 580 621 541 = 62 181 mod2 16 . 
With this value of ao we find |s| ~ m x l n for n — 2, 3. 

We summarize the result for the parameters of the mixed multiplicative generator: 



M = 2 2 " do , c = 1 , a = 
a = 5 mod 8 , a « 2 d ° , 
iV x = 2 256 , Q! = V2/4 



2 d 



+ ... + 2 2do + a , with 



e.g. a = 3 580 621 541mod2 d ° , leads to 



(30) 



Now we turn to the improved generator of Sec. \5.3\ The Fourier transform of the 
generator is given by Eq. (f2~4~|). We set n > 2 since independently of the parameters 
Qi = 1. Further on, we fix an m\M and find that \g\ 2 = m if and only if (C) s a = km, k 
odd if m < M, and (D) s + ^ Z)"=2( aJ _1 — l) s i = (We neglect here that |g| 2 may 
even be 2M for m = M.) Eq. (C) can be solved for si and Eq. (D) for s depending on 
the integer parameters k, £, S2, ■ ■ ■ , s n . This gives rise to an (n + l)-dimensional lattice 
(for m < M we actually obtain an affine sub-lattice since k has to be odd) determined by 
the matrix B via (sq, s) = B ■ (£, k, S2, ■ ■ ., s n ) T , 



B 



( vn — c 
m —a 
1 



. . . -c{a n ~ 2 + . . . + 1) \ / 

,71-1 



-a" 



m —c —c 
m —a 

1 -a 

1 



-r \ 



(31) 



m — c 
in —a 
1 



V 



a 



a 2 + a 



—a — 1 —a 2 — a — 1 
1 

1 



a' 1 - 2 + . . . + a 
-a n ~ 2 - ... - 1 



/ 



(32) 



where again zeros have been omitted. 

B describes an (n+ l)-dimensional lattice which has a unit-cell with volume m 2 . However 
this does not imply that the smallest lattice vector v n has length of about m 2 ^ n+1 '. We 
see from ( |32|) that there exists an (n — l)-dimensional sub-lattice with sq = and S2 = 
~ s i — S3 — ■ ■ ■ — s n (delete the first and the third row and column in (|3"2"D). The unit-cell of 
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the sub-lattice has volume m and v n ps m 1 ^™ -1 ) which, for n > 4, is smaller than m 2 '( n+1 ). 
The smallest lattice vector for n > 4 will have the form (0, s\, —s\ — S3 — . . . — s n , S3, . . ., s n ) 
with the length (s 2 + s| + . . . + s 2 + (si + S3 + . . . + Sn) 2 ) 1 ^ 2 . Since this is of about the same 
magnitude as (s| + S3 + . . . + s 2 ) 1 / 2 we may simply omit s 2 and reduce the problem to 
the (n — 1) dimensions given by (si, S3, . . ., s n ). Geometrically this means that the lattice 
corresponding to B for n > 4 never has an approximately cubic unit-cell. Note moreover 
that the sub-lattice is independent of c which means that c can not be fixed by looking 
at the n-tupel distributions for n > 4. 

The smallest value of Q n = v n jm is obtained for m = M which is thus the most 
important case. For m = M we are not restricted to odd k. The situation is similar to the 
(n— l)-dimensional case of the mixed multiplicative generator, Eq. (|29|) , with —a? replaced 
by a j +a j ~ 1 +. . .+a. This allows us to use a = M 1/2 +M 1/4 + . . .+M 1/2k ~ 1 +a again. Since 
1 < a w M 1 / 2 < a 2 modM w 2M 3 / 4 < . . . < a™- 2 modM w (71 - 2)!M 1 - 22 "™ < M 
we have a- 7 + a- 7-1 + . . . + a m a J modM. The minus sign is irrelevant, thus we can 
copy the corresponding lower bounds from the mixed multiplicative generator: u n <; 
M 1/2 "' 2 /(n - 2)! for k + 1 > n > 4. The constant ao is given by the case m < M as will 
be discussed below. 

The constant c can be fixed by the case n = 2. We have to meet two equations (E) 
Si + as 2 = OmodM and (F) s + cs 2 = OmodM to get \g\ 2 = M. Both equations are 
solved by e.g. s = — c, s x = — a w — M 1//2 , s 2 = 1 with |(s , s)| w (c 2 + M) 1 / 2 . In order to 
reach the theoretical limit v 2 ~ M 2 / 3 one needs c ^ M 2 / 3 . So, the simplest ansatz for c is 
c = M A + 1 for A > 2/3, A/f A G N. On the other hand, if si = M 1 ~ A s' 1 , s 2 = M 1 ~ x s' 2 then 
s' x + as 2 = mod M x has a solution with |s'| < M A / 2 . Since (F) is solved by s = — M 1_A s' 2 
we find |(so,s)| « |s | ^ M 1_A M A / 2 = M 1_A / 2 . To allow for the maximum value M 2 / 3 
one needs A < 2/3. In general, c should not have more successive zero digits than M 2//3 
has. The simplest reasonable choice is therefore c = M 2 / 3 + 1. We can generalize this 
slightly to c = (2 dl + l)co, where Co is a 16 or 32 bit number and 2 dl < M 2 / 3 < c 2 dl . 
This choice of c leads to best performance among all reasonable c. We will see in Ex. 7.1 
that it actually gives z/ 2 w M 2 / 3 and z/ 3 w M 1//2 . As a lower bound for z/ 2 , i/ 3 one has only 
the values M 1 / 2 , M 1 / 4 that are obtained from Eqs. (E), (C) alone. 

Now we determine Cq and a by looking at s a> M = m < M. The case m < M is 
more important than for the mixed multiplicative generator since Q n is not limited by 
1/4. To some extent the smaller Q n for m < M is compensated by the fact that for 
small m there are more points with s a = odd • m. We use ao = 3 580 621 541 as for the 
mixed multiplicative generator and find with Co = 3 370 134 727 = 11 463 mod 2 16 that 
Q 2 (s , s) w m 2 / 3 " 1 and Q 3 (s , s) ps m 1 / 2 " 1 if s« iA f = m. 

We summarize the result for the generator of Sec. |3.3j : 




+ 1 ) Co, with 



a = 5 mod 8 , a « 2 d ° , c odd , c > 2 2/3 ' d ° , 

e.g. a = 3 580 621 541mod2 d ° , c = 3 370 134 727mod2 d ° leads to 
N x = 2 25 \ Qi = l, g.^M 2 / 3 " 1 , Q n > 3 ^ M 1 ^- 1 )- 1 . 



(33) 



Finally we give a short discussion of the multiply recursive generator of Sec. [O] (cf. 



4 CHOICE OF PARAMETERS 



15 



Ex. 7.2). 

P should not be taken too small to provide enough digits for the random numbers. To 
optimize the performance one should use a prime number of the form P = 2 d ± 1, e.g. 
P = 2 31 — 1. Moreover we set a r _i = 1, a r _ 2 = . . . = a\ — 0. 

The most severe problem is to find the prime factors of P r — 1. To this end it is useful 
to take r = 2 k since in this case P 2 — 1 = (P 2 + 1) ■ . . . ■ (P + 1) • (P — 1) and one is 

nfc — 1 

basically left with the problem to determine the prime factors of P +1. 

Afterwards it is easy to find an a G Z P that makes the polynomial P(A) = A r — A r_1 — 
a primitive over Zpr. Since 



X& 

Xk-i 



\ 



+1 / 



/ 1 \ 





with X 



o r _i a, — 2 
1 



V 



d\ CLq 







(34) 



a necessary and sufficient condition for a maximum period is X^ pr ^ = ImodP and 
modP for all prime factors p of P r — 1. High powers of X are easily 
computed. If N = £&;2\ 6< £ {0, 1} then X N = T[ {i , b . =1} X* and X 2 ' = (X 2 '" 1 ) 2 . 

Now one has to check the n-tupel distributions for n > r. We found (Eq. (P7|)) 
that \g\ 2 = P r — 1 if and only if sq = and s a = 0. The latter equation is equivalent 
to = J2]=k s jXj-k = ^fcP, k = 1,2, ...,r, £k £ Z (cf. Sec. |3~4]) and gives rise to an 



n-dimensional lattice determined by C via s = C ■ (£±, 



s r +i, 



/ 1 



\ 



P -X, 

1 



-X 



n— k 



V 



/p 



/ 



•j s n) j C 



-a 



P -1 



C\ • • • C r 



-a 



-1 



V 



1 J 

(35) 

(after some lattice transformations) if r < n < 2r and a r _i = 1, a r _2 = . . . = cti = 0. The 
determinant of Cq is P r , however the symmetry of Co leads to u r+ % — . . . — u^r = v which 

is eiven by the shortest lattice vector of the 2 by 3 matrix f ^ ^ ? 

V -oo -1 1 

second and third row are identical (up to a minus sign) the problem is analogous to the 
calculation of v<i in the case of the mixed multiplicative generator. We obtain v < 2 1 / 4 P 1 / 2 
with a w 2 1 / 4 P 1 / 2 w 55109 for P = 2 31 - 1. 



Since the 



We summarize the result for the generator of Sec. |3.4j: 



P 



1 , prime 



*r-l 



1, a 



r-2 



Ql = 0, a w 2 1/4 P 1/2 , with 



X (pr " 1} = ImodP and X (p '" 1)/p ^ ImodP Vp| (P r - 1) , p prime, leads to 



N; 



X 



Qi 



Q r w V2 , Q 



r+1 



Q 2r « 2 1 / 4 P 1 / 2 - 



(36) 
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Notice that the effort for calculating random numbers does not increase with r. 

Let us finally mention that the quality of the n-tupel of the (non-successive) random 
numbers X{, Xk 2 +i, . . ., Xk n +e deteriorates to Q n ^ p( r - d )/ n ~ r jf there exist d > r—n values 
of j G {—1, • • ., — r} with Xj = (see the remark at the end of Sec. |2.2|) . In particular 
if Xk-i = . . . = Xk-r+i = the pair (X ,Xk) has quality of less than p l l 2 ~ T because 
aXi = bXk+e W if a = bXk mod P. From Eq. ( [34]) we see immediately that this happens 
for multiples of k = (P r — 1)/(P — 1) (notice the equidistant zeros in Fig. 81). This makes 
it not desirable to use more than (P r — 1)/(P — 1) multiply recursive random numbers. 
Example 7. 



1. We set M = 2 256 = 2 2 16 , a = 2 128 + 2 64 + 2 32 + 62 1 81 and in case of the generator 
of Sec. p.3| c = (2 160 + 1) ■ 11 463. In the following table we compare the mixed 
multiplicative generator with the generator of Sec. |3.3| . The results can easily be 
obtained with a computer algebra program and Eq. (|2T 





Xk+i — aX k + 1 


Eq. (0) 


Xk + i = aXk + cink (k/2) 


Eq. (H) 


ai 


0.99414 


0.99414 


1.00000 


1.00000 


a 2 


0.50000 


0.50000 


0.65658 


0.66667 


a 3 


0.33203 


0.33333 


0.49783 


0.50000 


«4 


0.24859 


0.25000 


0.33436 


0.33333 




0.19721 


0.20000 


0.24636 


0.25000 


a 6 


0.16335 


0.16667 


0.19882 


0.20000 



(37) 

We see a good agreement of the quality parameters with the approximate upper 
bounds. This means that our choice of parameters is satisfactory. Moreover the 



table confirms that the quality parameter of the generator of Sec. |3.3| lies above the 
quality of the mixed multiplicative generator. 

Finally we present an implementation of the generator in Pascal. We group the 
digits of Xk to 16 blocks of 16 digits X[l] , . . . , X[16] starting from the highest 
digits. 

unit randoml ; 
interface 

const n=16; n0=(n+2) div 3; a0=62181; c0=11463; 
var X : array [1 . .n] of longint; 
procedure nextrandom; 
implementation 

var even: boolean; i:word; c: longint; 
procedure nextrandom; 
var j ,k:word; 
begin 

if even then inc(c,cO); even:=not even; 
for j:=l to n do begin 
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X[j] :=X[j]*aO; 

k: =2; while j+k<=n do begin inc(X[j] ,X[j+k] ) ;k:=k shl 1 end end; 
inc(X[n-l] ,X[n] shr 16); X[n]: = (X[n] and $FFFF)+c; 
inc(X[nO-l] ,X[nO] shr 16); X[nO] : = (X[nO] and $FFFF)+c; 
for j:=n downto 2 do begin 

inc(X[j-l] ,X[j] shr 16); X[j] :=X[j] and $FFFF end; 
X[l] :=X[1] and $FFFF 
end; 

begin for i:=l to n do X[i] :=0; c:=0; even:=true end. 

The corresponding mixed multiplicative generator is obtained by omitting or chang- 
ing the lines containing c. On a 100MHz Pentium computer this (not optimized) 
program produces 19 563 random numbers per second whereas 20 938 mixed mul- 
tiplicative random numbers can be produced. A loss of speed of about 6.6% seems 
us worth the gain of better random numbers. Note that the number c suffers an 
overflow every about 750 000th random number. This does not affect randomness 
and it is not worth the effort to correct this flaw. 

2. We set P = 2 31 - 1, r = 8 which leads to P r - 1 = 2 34 • 3 2 • 5 • 7 • 11 • 17 • 31 • 41 • 151 • 
331 • 733 • 1709 • 21529 • 368140581013 • 708651694622727115232673724657. Moreover 
we take a r _i = 1, a r _2 = • • • = cli = 0, ao = 60 045 yielding 

X = 1,X- 1 = ... = X- 7 = 0, X k+1 = X k + 60 045X fc _ 7 mod 2 31 - 1 , (38) 

Nx = P 8 -l K 2 248 , Q 1 = ...=Q 8 = (P 8 ) ™-\ Q 9 = . . . = Q 16 = ( P 8) 0-06368-1 ^ 

The following program gives on a 100MHz Pentium 74 473 random numbers (X [k] ) 
per second. 

unit random2; 
interface 

var X : array [0. .7] of longint; k: integer; 
procedure nextrandom; 
implementation 
const a0=60045; 

var i: integer; x0,xl,x2: longint; 

procedure nextrandom; 

begin 

x0:=X[(k+l) and 7] ; 

x2:=(x0 and $FFFF)*a0; xl:=(x0 shr 16)*a0+(x2 shr 16); 
x2:=(x2 and $FFFF)+(xl shr 15)+((xl and $7FFF) shl 16); 
if (x2 shr 31)=1 then x2:=(x2 xor $80000000)+l ; 
inc(x2,X[k]) ; 

while (x2 shr 31)=1 do x2:=(x2 xor $80000000)+l ; 
k:=(k+l) and 7; 

if x2=$7FFFFFFF then X[k]:=0 else X[k] :=x2 
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end; 

begin k:=0; X[0]:=1; for i:=l to 7 do X[i] :=0 end. 

5 Results and outlook 

We have generalized the spectral test. As the new feature we analyze the sequence of 
random numbers (I in the figures) not only the distribution of n-tupels (II in the figures). 

We saw that the mixed multiplicative generator did not pass the test with an ideal 
result. We were able to construct an improved generator which has the recursion formula 

X = 0, X k+l = aX k + c int(fc/2) mod 2 d . (39) 

For the choice of the parameters a, c, d we made suggestions in Eq. fl3"3"|). This generator 
(or the multiply recursive generator given in Eq. (j3lf) ) seems us to be the best choice in 
quality and performance. An implementation of a generator of this type with modulus 
2 d = 2 256 w 10 77 was presented in Ex. 7.1. The calculation of random numbers is fast 
even though the modulus is that large. We think that for all practical purposes pseudo 
random numbers generated with this generator can not be distinguished from a true 
random sequence. 

We were able to analyze this and several other generators. The choice of parameters 
was discussed in Sec. f|. 

For practical purposes there is essentially no need for further improvements. From a 
purely mathematical point of view however there are lots of open questions. 

Some further generators are discussed in || . However there is still little known about 
multiplicative generators with prime number modulus and a non-primitive multiplier. In 
this case N\g\ 2 (so, si) is given as zero of the polynomial 

P S0 (Y)= II (Y-N\g\ 2 (s , Sl )) . (40) 

For multiplicative generators P SQ (Y) = Y M — MNY^' 1 " 1 + . . .. Numerical calculations 
show that P So has integer coefficients. We were not able to prove this for sq ^ nor to 
analytically determine the coefficients for non-trivial examples. 

Further on, the Fourier analysis of generators involving polynomials may lead to in- 
teresting results. Here exist some connections to the theory of Gaufi sums. 

Finally we would be interested in multiply recursive generators. Those generators are 
given by a matrix-valued multiplier. The simplest example with a prime number modulus 
was presented in Sec. |3.4| . In this section we saw that multiply recursive generators are 
also the best candidates for being even more efficient than the generator given in fl39|) . 
In this connection multiply recursive generators with power of two modulus may be of 
special interest. 
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Figures 

Some graphs of random number generators are presented to give a visual impression of 
what the generator looks like. There are two possibilities to draw a two-dimensional 
plot: first (I), to plot the k-th random number X k over k and second (II), to plot X k+1 
over X k presenting the pair correlation. The third part of the figures give the absolute 
of the Fourier transform of I. \g\ 2 (so,si) is a measure for the correlations along a line 
perpendicular to (s , s\) in I (cf. Eq. (|T6|) ). For ideal generators \g\ 2 should be < 1 and 
Figs. I and II should look like first rain drops on a dry road. 



Fig. 1: X = 1, X k+1 = 195X k mod 1009 
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Fig. 2: X = 0, X k+1 = 37X k + 1 mod 1024 
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5 RESULTS AND OUTLOOK 




-- AlX k + 3 mod 1024 
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Fig. 4: X 
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0, X k+ i = 41X fc + 1 mod 1024 
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Fig. 5: X = 0, X, 




21X, + 1 mod 1000 
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Fig. 6: X = 0, X k+ i = (37+ 1024)X fc + lmodl024 2 
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Fig. 7: X = 0, X k+1 = 37X k + 129 int(fc/2) mod 1024 



Xu 



■« v * : ■ . * ■ ■ .• ■ _y : »,---. ' . * . 1 



vV- ■■■ 



x 



k+l 



S -Vi r^J"\.;< •*.:•*•> ? 

f yH ■>^:<:w , i<;.-.¥. A " 



si 4 
1 

2 
1 1 



2 



ii 



4 
1111 
2 2 
1 1 1 







II 



X u 



s 



Fig. 8: X = 1, X_x = 0, X k+1 =X k + 7X k . x mod 31 
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